RSA Europe: Gateway data threatens identity and sensitive information

21 October 2009

In his keynote at RSA Europe in London, 20 October 2009, Hugh Thompson, chief security strategist, People Security, declared gateway data the next biggest threat to identity and valuable resources.

“While there has been an indisputable growth in information sharing online, there has been no clear direction for what we should share. The bad guys are leveraging this over-sharing”, said Thompson.

Gateway data, explained Thompson, “is data that seems harmless, but when used properly, can facilitate access to sensitive information”. Thompson declared three ways that gateway data can be used to illegitimately gain access to an identity or sensitive information:

  • Direct use
  • Amplification
  • Collective intelligence

Direct use of gateway data, said Thompson, refers to the data being transferred into access by rules. A password re-set is an example of this, “but is completely unreasonable today”, said Thompson. “This information [required for a reset] is now readily available thanks to social networking sites”, he said.

“Most people’s online identities have a common root”, Thompson argued, “this could be either a central email account or a mobile phone”, he explained.

Amplification of gateway data, Thompson said, “is data that can be amplified when bounced off a person”. This, Thompson declared, “is the new insider threat. The person that is ‘very chatty’ about their work online, is the one to watch”. Those exploiting gateway data, said Thompson, “use information gathered online to presume knowledge of their victim, and build trust”.

The final, and perhaps most worrying of all uses of gateway data, said Thompson, is “collective intelligence of gateway data”. He described this as data that can be compiled from different places and correlated to become interesting.

“Individuals will reveal small chunks of information about a company – they will offer up sensitive work information online without thinking about who might be looking at it”. People make bad decisions, said Thompson, “especially those lower down the corporate food-chain”.

Thompson concluded his RSA Europe keynote with advice on how not to become a victim of the gateway data trend. “Look beyond traditional personal identification, and most importantly, create awareness around gateway data”.

 
